add-user-cert

File contents

#!/bin/sh
# Johannes Reetz, 2009
# This script is for  adding a user's personal certificate (incl. key) from a PKCS12 store to a 
#   prepared JAVA keystore. As a prerequisite, the JAVA keystore (destkeystore) must have the same
#   store password as the user's PKCS12. Therefore two steps are necessary:
#   1) renaming the password of the JAVA keystore (which contains all the IGTF CA certificates)
#      We assume that the JAVA keystore with the CA certificates has the standard password "storepass" 
#   2) adding the user's certificate+keyword, e.g. packed in a keystore, usually a backup from a browser 
#      in PKCS12 format, to the JAVA keystore
# 
# Prerequisites: 
#  - JAVA JRE 1.6 or later
#  - keytool must be available, i.e. the bin-Directory of the JRE/JDK installation that contains the keytool utility must be in the PATH

USERKEYSTORE=$1
DESTKEYSTORE=$2
USERSTOREPASS=$3

usage() {
  echo ""
  echo 'synopsis: add-user-cert <user PKCS12 keystore> <dest. keystore> <password of the PKCS12 keystore> '
  echo ""
}

for arg in "$@"
do
  case "$arg" in
    -h | -help | --help | \* | -\?)
      usage
      exit 0;;
    *)
      ;;
  esac
done

if [ $# -ne 3 ]
then
 usage
 exit 0
fi


echo "UserKeystore = `ls -l $USERKEYSTORE`"
echo "JAVA keystore= `ls -l $DESTKEYSTORE`"


keytool -storepasswd -storepass storepass -new $USERSTOREPASS -keystore $DESTKEYSTORE 
echo "Password of $DESTKEYSTORE has been changed"

keytool -importkeystore -srckeystore $USERKEYSTORE -srcstorepass $USERSTOREPASS -srcstoretype pkcs12 -destkeystore $DESTKEYSTORE -storepass $USERSTOREPASS

echo "---- the keystore (truststore) now comprises the following CA certificates and user certificate" 
keytool -list -storepass $USERSTOREPASS -keystore $DESTKEYSTORE